Web App Penetration Testing - #10 - XSS(Reflected, Stored & DOM)

You are one of the best youtubers that really explain what is going on behind the scenes and not just jumping around with no explaining about it. Thanks you so much!!! Liked it! Hope you will make a part 2 cause this is very intresting and helpfull!!!

Thanks for this, I'm studying CEH and XSS is something I've struggled with. Very clear and you've explained it better in 17 minutes than the EC Council did in an entire chapter.

Was struggling to understand the difference between DOM and reflected. this was actually clear and helped me understand. keep up the content!

Where's the love button on this thing. Thanks so much. I'm just beginning web app pentesting and you're making my life so much easier with these tutorials. Keep up the excellent work.

05:09 "remember u hv to be humble" - how very well said man !!!

Half understood! However, I really appreciate.
I'll be practicing to understand as well as I can!
Good job! Thank you again.

Hey, @hackersploit you have not updated the XSS part. Means on high-level security. Such as you said at the end.

Great work as always Alexis! Loving your work!

This playlist is not complete man! Some videos is not listed here... Please take a look on it again. Like, #8 is missing. I would love to highly request you that please rearrange a full playlist for Web App Penetration Testing

Very Well Explained Sir. Waiting for the advanced XSS :)

Best video I ever seen... I understand it faster

i finally have account to the hackersploit website

Also for dom you can manipulate the site url into anything. .just like what we saw in reflected.

DOM based XSS begins at 13:38

I'm late, you rock HSploit

detailed information. just brilliant. all the best and take care.👍

iv been waiting for this part of web app

i have notif for watching your videos.

Awesome!

At 14:44, what do you mean by "a language that a client can understand"? As far as I know, Javascript is understood by clients and code between tags can be executed by clients. Also, isn't the "onerror" action in "

Great video, really glad I subscribed.

You should make a video on the raspberry pi 3 , its a fascinating topic and id love to get your opinion on it and how to use kali linux on it.

Nice video. Keep up the good work

aw

Thank you!

Thank you! Great work!

Thank you so much for the video sir....

Thanks for the great videos !

at 14:50 dont understand why code doesn't work if javascript is a client side language... it should work like an html tag or I'm wrong, if so, why? thanks

so what would someone want to do something like this for?

thanks brother #Alexis.... u r the best....

So both the website needs to be vulnerable to accept a stored xss and the user's browser that retrieves it needs to be vulnerable for the script to do certain things?

@Alex aka hackersploit....
Your the Greatest of all time > G.O.A.T

I love this man ❤️❤️

Well explained....thanks

Love your every video ;)

I'm confused between DOM-Based XSS and Reflected XSS. I understand they're both affecting the victim on the client side and that reflected uses Javascript and DOM-Based uses AJAX. But is that really it? Could you be more specific?

thanks myan i was able to get idea and i find xss on isp payment gateway.

Amazing Video

Nice video broo

So if I go to a website and use the that pop up script in it and it works, does that mean that site would be vulnerable to other scripts? If it does then is it only for xss (get) or both xss (get) and xss (post). Sorry if I'm using the wrong terminology or this is a really stupid question, I'm a noob :p

reflected, stored, dom -got it. rdy for more

Please tell me How can we identify XSS attack from access log file? I mean, how it stores footprints over there in log file?

Thanks

Hey there, nice video. Are you thinking about making any new udemy courses??

Thanks, however, what does it mean for DOM that the input is "processed by the client"? I dont get how to differentiate it from the other 2 XSS attacks.

hi do you have the video this kind of attack XSS but using dvwa or webgoat ?

thank you verry nuch, i should ask you if i found xss in any site how i can exploit it and git the admin page of site ?

Thanks you are the best

It's good bro..

Ur the best with hacking
Im french

Hi there
What is the best way to check if the input form field is Vulnerable to xss. The thing is the form field does not do any popup on render tab so it is hard to verify

I didn't understand the difference between Cross-site Scripting Reflected and DOM-based cross-site scripting. Can someone explain this to me ? For me he does the same thing in each of these examples.

Would love an in-depth udemy course on Web Testing :)

Hello, how can I download your app

how does do i steal another users cookie?

Peace Man. I waiting for the high lvl of bwapp xss's

How Refected XSS use for Hacking ? I am bit Confused.

can you share some more examples for DOM based XSS

also webvuln.com is good for testing for those who dont want to run a vm of a lab

Just use Angular.

peace

Can u perform xss pls ?

Ss7 video demo bro

do u have a whassup group
or a telegram group

hello hackersploit, please do a tutorial on xsser tool.

guys what's ARC-4 data

can we use this attack to upload shell ?

alert("hi hackan")

If your new to web app pen testing , you wont understand anything so hit the basic n come back (based on a true story)

and testing with zap

First to view and like

First Like 👍

where is DOM Based XSS ! always time pass videos :-(

pleaseeeeee......do more, talk less. Still like your videos.

Awesome!